bc983ce9f5
* fix(handlers,web): user is now redirected when authenticated Fix: #1788 * remove dead code and fix ci issues * fix infinite loop in frontend * fix issue with integration tests * handle bot recommendation * fix integration test & add dot to comment * fix last integration test * Update api/openapi.yml Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> * Update web/src/services/SafeRedirection.ts Co-authored-by: Amir Zarrinkafsh <nightah@me.com> * Update web/src/services/SafeRedirection.ts Co-authored-by: Amir Zarrinkafsh <nightah@me.com> * Update api/openapi.yml * Update openapi.yml * refactor: valid -> safe * refactor: adjust merge conflicts * Apply suggestions from code review Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> * fix: adjust test return messaging Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
package utils
import (
|
|
"fmt"
|
|
"net/url"
|
|
"strings"
|
|
)
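// IsRedirectionSafe determines whether the URL is safe to be redirected to.
//
// A URL is considered safe only when both of the following hold:
//   - its scheme is exactly "https";
//   - its hostname equals protectedDomain or is a subdomain of it, matched on
//     a label boundary.
//
// A bare suffix comparison is not sufficient for the second condition: with a
// protected domain of "example.com" it would also accept an unrelated
// registrable domain such as "notexample.com", which is an open-redirect
// weakness. An empty protectedDomain is rejected because every hostname has
// the empty string as a suffix, which would make every https URL "safe".
//
// The comparison is case-sensitive, so callers should pass both values in the
// same (normally lower) case.
func IsRedirectionSafe(url url.URL, protectedDomain string) bool {
	if url.Scheme != "https" {
		return false
	}

	// Tolerate a cookie-style leading dot (".example.com") so that callers
	// which already pass the domain in that form keep working.
	domain := strings.TrimPrefix(protectedDomain, ".")
	if domain == "" {
		return false
	}

	host := url.Hostname()

	// Accept the domain itself, or any host ending in "."+domain. Anchoring
	// the suffix on the dot is what enforces the label boundary.
	return host == domain || strings.HasSuffix(host, "."+domain)
}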
// IsRedirectionURISafe determines whether the URI is safe to be redirected to.
//
// The raw string is parsed with url.ParseRequestURI and the result is handed
// to IsRedirectionSafe together with protectedDomain. A parse failure is
// reported as (false, error) with the original error wrapped; a URI that
// parses but is not safe is reported as (false, nil), so callers must check
// the boolean even when the error is nil.
func IsRedirectionURISafe(uri, protectedDomain string) (bool, error) {
	parsed, parseErr := url.ParseRequestURI(uri)
	if parseErr != nil {
		return false, fmt.Errorf("Unable to parse redirection URI %s: %w", uri, parseErr)
	}

	// Defensive guard: never dereference a nil URL.
	if parsed == nil {
		return false, nil
	}

	return IsRedirectionSafe(*parsed, protectedDomain), nil
}